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1 July 1980 


MEMORANDUM FOR: Chief, Policy and Plans Group 


FROM: 
Deputy Director for Community Affairs 


SUBJECT: APEX - One System for Industry STATINTL 


Ls [has legitimate concerns. They continue 
to crop up in spite of many efforts to address them to the 


satisfaction of government and industry. seems 
to be attempting to make another try at gaining recognition 
for the impact of APEX and gaining acceptance of that impact 
by the Community's senior management. He wants to start with 
CIA. 


2. I think his examples are extreme. They are not as 
awesome as first reading gives to suspect. Reviewing his 
examples, some comfort can be drawn from recasting his intent 
into words that are more familiar. 


3. When he speaks of CIA acceptance of: 


e "Navy background investigations", he means 
that when DIS investigates contractor personnel in 
accordance with DCID 1/14 that the CIA would, for 
example, permit the contractor to enter CIA on 
certification of his "access approval", and a state- 


ment of justification from a CIA h We would Se 
accept the Navy's certification of access for 
example. 
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e "Army physical inspection of SCI facilities", 
he means that on satisfactory completion of a Memo- 
randum of Understanding between CIA and Army on joint 
use of an APEX industrial facility, and an agreement 
that Army has the cog, that Army will be responsible 
for intermittent physical inspections and that CIA 
will not insist on doing its own. This issue is 
basically the heart of the current deliberation 
whether physical security standards should be "minimum" 
or "uniform". 


e "DoD adjudications of security investigations", 
he means DIS investigations and departmental or NSA 
adjudications putting us back in the scenario with the 
Navy above. 


e "NSA-granted exceptions of the 2 person rule", 
he means that if NSA waives the 2 person rule in an 
industrial facility and CIA wants to piggyback on the 
facility, we can't make NSA back off, nor can we insist 
that the facility change. But this type issue would be 
presented and discussed between NSA and CIA at time of 
drafting of the Memorandum of Understanding. 


e "AF periodic security examination of physical 
and procedural affairs", he means that if CIA and AF 
agree on using an industrial facility and AF has the STATINTL 
cog, CIA accepts AF survey. Whitel originally 
included in this idea the concept that AF would do the 
annual survey of documents belonging to CIA, he will 
be dissuaded. 


e "Nondisclosure Agreement executed under NSA 
aegis", he means that there is only one Nondisclosure 
Agreement required in the APEX System. If NSA gets 
an industrial team signed up for SI, the team members 
will have to sign the APEX Nondisclosure Agreement. STATINTL 
When CIA comes to the team with an program, the 
CIA will not require execution of another Nondisclosure 
Agre t. CIA may have the team execute a reminder 
that is part of APEX. 
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e {indoctrination for access to a particular 
system", he means that if for example, 
signs someone up for [L__]and subsequently CIA wants 
to talkL____]} with the chap, CIA will not insist on 
repeating the indoctrination, but will accept 
certification of access approval (or better yet, just 
check the chap's tickets on 4C and accept the evidence 
of the data base). 


STAT 


e "DOE certification for a particular product 
access", he means that if the SIO of DOE says that one 
of his people has a need-to-know for HUMINT product or 
IMAGERY product, that the man meets DCID 1/14 standards, 
has been given a security briefing and has signed a Non- 
disclosure Agreement, the CIA will not question any of 
this, but will accept the DOE certification. STATINTL 


4. When[L____—id|talks in paragraph 3 about DoD pre- 
paring implementing procedures to the approved APEX Security 


Policy Manual for Industry, he is acknowledging a couple of 
things. First, he is saying that APEX policy manual, now 
approved by NFIB calls for each department and agency to prepare 
implementing manuals, each of these implementing manuals will be 
reviewed by the APEX Steering Committee, of which[___] is 
Chairman, to make sure that all aspects of it meet the APEX 
policy pronouncements. [_____]is also saying that no one other 
than DIA has even started drafting implementers. Time is running 
out. The DCI has set 1 January 1981 as the start date for APEX. 
I er to meet that date and to have available a "How to' book, 
[ [prepeses adoption of the DIA implementing manual. 


5. We can argue on this one, but I don't see any reason 
to insist on more than reserving our vote of agreement g7MTINTL 
rejection until DIA floats its draft. 


6. In paragraph 5 I think [jis setting up the DCI 
and subsequently the Agency management, for a coming challenge 
to some of the DCID's. There is no doubt that APEX will require 
some review of DCID's and maybe some modification. For example, 
does it make continued sense to require all people be cleared 
for all data on a computer data base - as DCID 1/16 does? Have 
hardware or software controls and lockouts not progressed to 
some point where more security assurances can be given in 1980 
than could be given in 1974-78? In connection with DCID 1/14 - 
I know that [[___] has heard that the investigative criteria of 
that document has been liberally interpreted by DIS. He spoke 
of putting more DCI control in any revision. This leads him to 


“Approved For Release 2006/11/20 : CIA-RDP85T00788R000100110022-8 


STATINTL 


Approved For Release 2006/11/20 : CIA-RDP85T00788R000100110022-8 


STATINTL 


his mention of poly or no poly for contractors. He favors 
poly for all contractors and wants the DCI to support this 
issue fully throughout the community. But he is backing 

off from raising these issues at the meeting he wants to hold 
for CIA senior staff. 


7. In paragraph (a takes a shot at NSA and 
CIA as the principal creators oO ifficulties because we impose 
more than DCID standards. I think he is addressing the need 
for uniform physical security standards which both NSA and CIA 
appear reluctant to support. He may also be addressing the 
poly issue. But again, it is a reflection that there is 
reluctance in CIA to adopt and support some aspects of the APEX 
single system. And that is the ot wants to bring 
before the DCI. 


STATINTL 
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